Security News 20 Remote Code Execution Vulnerabilities Patched in Foxit PDF Reader and Editor

Parkinsond

Level 63
Thread author
Verified
Top Poster
Well-known
Dec 6, 2023
5,168
16,102
6,169
The fixes arrive in the July 8, 2026 security release and cover multiple Windows and macOS versions, with several flaws rated Important and capable of arbitrary code execution.


Many of the flaws can be triggered by specially crafted PDF files, including those containing embedded JavaScript, abnormal annotations, malformed page trees, corrupted signature fields, or deceptive XDP content.

Foxit also patched a local privilege escalation issue in the update mechanism, in which the service could load malicious DLLs or executables with elevated privileges during update checks.

 
These 20 vulnerabilities are triggered by specially crafted PDF files containing embedded JavaScript. A user does not install an executable. They simply open a document 😁
I always disable javascript execution in settings with any pdf reader I use; the reason I prefer to use a dedicated pdf reader than a browser for opening pdf files.
 
That's not all.
The historian points out that Foxit is becoming increasingly insecure to use compared to other software:

https://www.cvedetails.com/product/16993/Foxitsoftware-Foxit-Reader.html?vendor_id=7654

https://www.cvedetails.com/vendor/21018/


And today, with AI, it's “easy” to find exploitable remote bugs that haven't yet been detected.
I stopped using any Chinese software, regardless of their vulnerabilities or how good they work.
All the time they are showing some sneaky behavior; Foxit, WPS office, ect.
 
I always disable javascript execution in settings with any pdf reader I use; the reason I prefer to use a dedicated pdf reader than a browser for opening pdf files.
Or simply use a simple PDF reader that does not support JavaScript in the first place.

Honestly, I download a lot of PDF files for my study and this is a nightmare, but I believe OSA has got this covered.